com.amazonaws.encryptionsdk.caching

Class CachingCryptoMaterialsManager.Builder

java.lang.Object

com.amazonaws.encryptionsdk.caching.CachingCryptoMaterialsManager.Builder

Enclosing class:

CachingCryptoMaterialsManager

public static class CachingCryptoMaterialsManager.Builder
extends Object

Method Summary

Modifier and Type	Method and Description
CachingCryptoMaterialsManager	build()
CachingCryptoMaterialsManager.Builder	withBackingMaterialsManager(CryptoMaterialsManager backingCMM) Sets the CryptoMaterialsManager that should be queried when the CachingCryptoMaterialsManager (CCMM) incurs a cache miss.
CachingCryptoMaterialsManager.Builder	withByteUseLimit(long byteUseLimit) Sets the maximum number of plaintext bytes that can be encrypted under the same a cached data key.
CachingCryptoMaterialsManager.Builder	withCache(CryptoMaterialsCache cache) Sets the cache to which this CryptoMaterialsManager will be bound.
CachingCryptoMaterialsManager.Builder	withMasterKeyProvider(MasterKeyProvider mkp) Sets the MasterKeyProvider that should be queried when the CachingCryptoMaterialsManager (CCMM) incurs a cache miss.
CachingCryptoMaterialsManager.Builder	withMaxAge(long maxAge, TimeUnit units) Sets the maximum lifetime for entries in the cache, for both encrypt and decrypt operations.
CachingCryptoMaterialsManager.Builder	withMessageUseLimit(long messageUseLimit) Sets the maximum number of individual messages that can be encrypted under the same a cached data key.
CachingCryptoMaterialsManager.Builder	withPartitionId(String partitionId) Sets the partition ID for this CMM.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

withBackingMaterialsManager

public CachingCryptoMaterialsManager.Builder withBackingMaterialsManager(CryptoMaterialsManager backingCMM)

Sets the CryptoMaterialsManager that should be queried when the CachingCryptoMaterialsManager (CCMM) incurs a cache miss.

You can set either a MasterKeyProvider or a CryptoMaterialsManager to back the CCMM - the last value set will be used.

Parameters:

backingCMM - The CryptoMaterialsManager to invoke on cache misses

Returns:

this builder

withMasterKeyProvider

public CachingCryptoMaterialsManager.Builder withMasterKeyProvider(MasterKeyProvider mkp)

Sets the MasterKeyProvider that should be queried when the CachingCryptoMaterialsManager (CCMM) incurs a cache miss.

You can set either a MasterKeyProvider or a CryptoMaterialsManager to back the CCMM - the last value set will be used.

This method is equivalent to calling withBackingMaterialsManager(CryptoMaterialsManager) passing a DefaultCryptoMaterialsManager constructed using your MasterKeyProvider.

Parameters:

mkp - The MasterKeyProvider to invoke on cache misses

Returns:

this builder

withCache

public CachingCryptoMaterialsManager.Builder withCache(CryptoMaterialsCache cache)

Sets the cache to which this CryptoMaterialsManager will be bound.

Parameters:

cache - The cache to associate with the CMM

Returns:

this builder

withPartitionId

public CachingCryptoMaterialsManager.Builder withPartitionId(String partitionId)

Sets the partition ID for this CMM. This is an optional operation.

By default, two CMMs will never use each other's cache entries. This helps ensure that CMMs with different delegates won't incorrectly use each other's encrypt and decrypt results. However, in certain special circumstances it can be useful to share entries between different CMMs - for example, if the backing CMM is constructed based on some parameters that depend on the operation, you may wish for delegates constructed with the same parameters to share the same partition.

To accomplish this, set the same partition ID and backing cache on both CMMs; entries cached from one of these CMMs can then be used by the other. This should only be done with careful consideration and verification that the CMM delegates are equivalent for your application's purposes.

By default, the partition ID is set to a random UUID to avoid any collisions.

Parameters:

partitionId - The partition ID

Returns:

this builder

withMaxAge

public CachingCryptoMaterialsManager.Builder withMaxAge(long maxAge,
                                                        TimeUnit units)

Sets the maximum lifetime for entries in the cache, for both encrypt and decrypt operations. When the specified amount of time passes after initial creation of the entry, the entry will be considered unusable, and the next operation will incur a cache miss.

Parameters:

maxAge - The amount of time entries are allowed to live. Must be positive.

units - The units maxAge is expressed in

Returns:

this builder

withMessageUseLimit

public CachingCryptoMaterialsManager.Builder withMessageUseLimit(long messageUseLimit)

Sets the maximum number of individual messages that can be encrypted under the same a cached data key. This does not affect decrypt operations.

Specifying this limit is optional; by default, the limit is set to 2^32. This is also the maximum accepted value; if you specify a higher limit, an IllegalArgumentException will be thrown.

Parameters:

messageUseLimit - The maximum number of messages that can be encrypted by the same data key. Must be positive.

Returns:

this builder

withByteUseLimit

public CachingCryptoMaterialsManager.Builder withByteUseLimit(long byteUseLimit)

Sets the maximum number of plaintext bytes that can be encrypted under the same a cached data key. This does not affect decrypt operations.

Specifying this limit is optional; by default, the limit is set to 2^63 - 1.

While this limit can be set to zero, in this case keys can only be cached if they are used for zero-length messages.

Parameters:

byteUseLimit - The maximum number of bytes that can be encrypted by the same data key. Must be non-negative.

Returns:

this builder

build

public CachingCryptoMaterialsManager build()